{
"info": {
"author": "Daniel Garcia (cr0hn) / Roberto Munoz (robskye)",
"author_email": "cr0hn@cr0hn.com",
"bugtrack_url": null,
"classifiers": [
"Environment :: Console",
"Intended Audience :: Other Audience",
"Intended Audience :: System Administrators",
"License :: OSI Approved :: BSD License",
"Operating System :: MacOS",
"Operating System :: Microsoft :: Windows",
"Operating System :: POSIX",
"Programming Language :: Python :: 3.5",
"Topic :: Security"
],
"description": "dockerscan\n==========\n\n*dockerscan: A Docker analysis & hacking tools*\n\n.. image:: https://github.com/cr0hn/dockerscan/raw/master/doc/source/_static/dockerscan-logo.png\n :height: 64px\n :width: 64px\n :alt: DockerScan logo\n\n+----------------+--------------------------------------------------+\n|Project site | http://github.com/cr0hn/dockerscan |\n+----------------+--------------------------------------------------+\n|Issues | https://github.com/cr0hn/dockerscan/issues/ |\n+----------------+--------------------------------------------------+\n|Author | Daniel Garcia (cr0hn) / Roberto Munoz (robskye) |\n+----------------+--------------------------------------------------+\n|Documentation | http://dockerscan.readthedocs.org |\n+----------------+--------------------------------------------------+\n|Last Version | 1.0.0-Alpha-02 |\n+----------------+--------------------------------------------------+\n|Python versions | 3.5 or above |\n+----------------+--------------------------------------------------+\n\nWhat's dockerscan\n=================\n\nA Docker analysis tools\n\nVery quick install\n==================\n\n.. code-block:: bash\n\n > python3.5 -m pip install -U pip\n > python3.5 -m pip install dockerscan\n\nShow options:\n\n.. code-block:: bash\n\n > dockerscan -h\n\nAvailable actions\n=================\n\nCurrently Docker Scan support these actions:\n\n- Scan: Scan a network trying to locate Docker Registries\n\n- Registry\n\n - Delete: Delete remote image / tag\n - Info: Show info from remote registry\n - Push: Push an image (like Docker client)\n - Upload: Upload a random file\n\n- Image\n\n - Analyze: Looking for sensitive information in a Docker image.\n\n - Looking for passwords in environment vars.\n - Try to find any URL / IP in the environment vars.\n - Try to deduce the user used internally to run the software. This is not trivial. If the entry point is a .sh file. Read the file and try to find call to sudo-like: \u201csudo\u201d, \u201cgosu\u201d, \u201csh -u\u201d\u2026 And report the user found.\n\n - Extract: extract a docker image\n - Info: Get a image meta information\n - Modify:\n\n - entrypoint: change the entrypoint in a docker\n - **trojanize**: inject a reverser shell into a docker image\n - user: change running user in a docker image\n\nWhat's the difference from Clair or Docker Cloud?\n=================================================\n\nThe purpose of Dockerscan is different. It's focussed in the attack phase.\n\nAlthough Dockescan has some functionalities to detect vulnerabilities in Docker images and Docker registries, the objective is the attack.\n\nDocumentation\n=============\n\nDocumentation is still in progress... sorry!\n\nFor the moment we only have the slides presented at RootedCON Spain, the conference where Docker Scan was presented:\n\nhttps://www.slideshare.net/secret/fxVqD2iXqanOCX\n\nOr you can watch it in video format (recommended):\n\nhttps://youtu.be/OwX1e4y4JMk\n\nAlso, you can watch a dockerscan usage demo:\n\nhttps://youtu.be/UvtBGIb3E3o\n\nContributing\n============\n\nAny collaboration is welcome!\n\nThere are many tasks to do. You can check the `Issues `_ and send us a Pull Request.\n\nLicense\n=======\n\nThis project is distributed under `BSD license `_",
"description_content_type": null,
"docs_url": null,
"download_url": "UNKNOWN",
"downloads": {
"last_day": -1,
"last_month": -1,
"last_week": -1
},
"home_page": "https://github.com/cr0hn/dockerscan",
"keywords": null,
"license": "BSD",
"maintainer": null,
"maintainer_email": null,
"name": "dockerscan",
"package_url": "https://pypi.org/project/dockerscan/",
"platform": "UNKNOWN",
"project_url": "https://pypi.org/project/dockerscan/",
"project_urls": {
"Download": "UNKNOWN",
"Homepage": "https://github.com/cr0hn/dockerscan"
},
"release_url": "https://pypi.org/project/dockerscan/1.0.0a3/",
"requires_dist": null,
"requires_python": null,
"summary": "A Docker analysis tools",
"version": "1.0.0a3"
},
"last_serial": 2707653,
"releases": {
"1.0.0a1": [
{
"comment_text": "",
"digests": {
"md5": "83bc2b4fe5fe404723437912a040640f",
"sha256": "7303f51f5197bd78610b55c54201f826e6ef3b1b83ab314fc2f9d3681da08023"
},
"downloads": -1,
"filename": "dockerscan-1.0.0a1.tar.gz",
"has_sig": false,
"md5_digest": "83bc2b4fe5fe404723437912a040640f",
"packagetype": "sdist",
"python_version": "source",
"requires_python": null,
"size": 29994,
"upload_time": "2017-03-04T11:46:06",
"url": "https://files.pythonhosted.org/packages/3c/62/573184d994a57139fdeb7695ee276ed2aeeb1effc35ab53b53e7ce2e30b5/dockerscan-1.0.0a1.tar.gz"
}
],
"1.0.0a2": [
{
"comment_text": "",
"digests": {
"md5": "7053f3f9e0fbf9a54b6f634c1914de4e",
"sha256": "cfa15ecb011c5f77a607da6cf16410e3d54979f14111d389ffc9faeae6c22315"
},
"downloads": -1,
"filename": "dockerscan-1.0.0a2.tar.gz",
"has_sig": false,
"md5_digest": "7053f3f9e0fbf9a54b6f634c1914de4e",
"packagetype": "sdist",
"python_version": "source",
"requires_python": null,
"size": 32667,
"upload_time": "2017-03-15T02:06:16",
"url": "https://files.pythonhosted.org/packages/6f/57/a2f45f261ca0f33ced1050854ee6252ee88d23bf30280e08bd82cda50bd2/dockerscan-1.0.0a2.tar.gz"
}
],
"1.0.0a3": [
{
"comment_text": "",
"digests": {
"md5": "416f36f0eb0fb9de41a3292c2b0c82d8",
"sha256": "c14d5f8441f3136c464396ca27bca11cb65e6781df63f20501ac1fc537996ed2"
},
"downloads": -1,
"filename": "dockerscan-1.0.0a3.tar.gz",
"has_sig": false,
"md5_digest": "416f36f0eb0fb9de41a3292c2b0c82d8",
"packagetype": "sdist",
"python_version": "source",
"requires_python": null,
"size": 32797,
"upload_time": "2017-03-15T15:20:41",
"url": "https://files.pythonhosted.org/packages/01/5f/955ed76d1b3f2cbcbd891e0fa1887c01f7f2116d5c014dd5c82f7ab7985c/dockerscan-1.0.0a3.tar.gz"
}
]
},
"urls": [
{
"comment_text": "",
"digests": {
"md5": "416f36f0eb0fb9de41a3292c2b0c82d8",
"sha256": "c14d5f8441f3136c464396ca27bca11cb65e6781df63f20501ac1fc537996ed2"
},
"downloads": -1,
"filename": "dockerscan-1.0.0a3.tar.gz",
"has_sig": false,
"md5_digest": "416f36f0eb0fb9de41a3292c2b0c82d8",
"packagetype": "sdist",
"python_version": "source",
"requires_python": null,
"size": 32797,
"upload_time": "2017-03-15T15:20:41",
"url": "https://files.pythonhosted.org/packages/01/5f/955ed76d1b3f2cbcbd891e0fa1887c01f7f2116d5c014dd5c82f7ab7985c/dockerscan-1.0.0a3.tar.gz"
}
]
}